








Common Deficiencies in 
Transaction Monitoring & 
Suspicious Transaction Reporting 


Stewart McGlynn 

Senior Manager (AML) 
Anti-Money Laundering 

Hong Kong Monetary Authority 


ZAN HONG KONG MONETARY AUTHORITY 
Wu SELMA Bs 





MAI; Financial Services and the Treasury Bureau 
+ SĄ y . The Government of the Hong Kong Special Administrative Region 


Disclaimer 


> This presentation provides guidance to authorized institutions 





(“Als”) on issues relating to the Anti-Money Laundering and 
Counter-Terrorist Financing (Financial Institutions) Ordinance 
(“AMLO”) and the AMLO Guideline. The presentation is provided 
for training purposes and does not form part of the formal legal and 
regulatory requirements of the HKMA. It should not be substituted 
for seeking detailed advice on any specific case from an Al’s own 
professional adviser. 


The HKMA is the owner of the copyright and any other rights in the 
PowerPoint materials of this presentation. These materials may 
be used for personal viewing purposes or for use within an Al. 
Such materials may not be reproduced for or distributed to third 
parties, or used for commercial purposes, without the HKMAS prior 
written consent. 
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Senior Management Oversight 


> Senior management has an important role in the Als 
AML/CFT systems 

> Senior management should be satisfied that the Al’s 
AML/CFT systems are capable of addressing the ML/TF 
risks identified 
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Role of Senior Management 


> Section 23 of Schedule 2 - “Financial Institutions to 
prevent contravention of Part 2 or 3 of Schedule 2” 
. A financial institution must take all reasonable measures— 


(a) to ensure that proper safeguards exist to prevent a 
contravention of any requirement under Part 2 or 3 of this 
Schedule; and 


(b) to mitigate money laundering and terrorist financing risks. 
> Ultimate responsibility for ensuring the Bank’s systems 
are effective and comply with HKMA requirements rests 
with the Bank’s senior management (para 2.10-2.15 of 
AMLO Guideline) 
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Senior Management Oversight 


> Should have committee designated for AML/CFT 
oversight 
> Should have formal Terms of Reference 
> Minutes of meetings — should show 
e fundamental and key AML/CFT control issues discussed in 
meetings 
e timely follow up on AML/CFT-related issues discussed in the last 
meeting 
> Participation by management at sufficiently high level is 
needed 
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Transaction Monitoring 


> Are the Als transaction monitoring systems adequate, 
given their business activities and size? Are they used 
to support sanctions monitoring? 


> How does the Al ensure systematic investigations into 
unusual transactions and potential STRs? 
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Risk Based Approach 






Transaction Monitoring — MIS Reports 






> Manual monitoring with MIS reports vs 
automated transaction monitoring system 
> Type & Quality of MIS reports 
e To address Bank s Risks 
> Parameters for MIS Reports 
e thresholds — Justification / Reasonableness 
> Quality of Reviews 
e Bank should understand the transaction / pattern 
> Adequacy & Timeliness of Compliance Reviews 


e Should have policy or procedure for regular review of 
adequacy and parameters 
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Transaction Monitoring System 






> Alert handling 
e Should have sufficient justification / documentation 
e Should have adequate explanation for alert clearance (not just 
standard wordings) 
e Two level clearance / investigation 
e Staff awareness of alert scenarios 


> Reference may be made to HKMA Circular B10/1C 
dated 4 July 2008 
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Name Screening Process 





> Name matches / alerts 
e Itis for the Al to prove it has confirmed or eliminated a potential 
match (i.e. enhanced checking) 
e Should have sufficient justification and documentation for alert 
clearance 
e Quality of work performed 
e Need to have P&P underpinning this important activity 


> Updating of Database 
e Need to have clear P&P — maintenance process needs to be 
codified 
e Random checks to ensure accuracy 
> Consistency — Practice versus P&P 


> Where new methodology is employed 


e clean up exercise on existing customer base required 
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Transactions with high-risk jurisdictions 


> High-risk jurisdictions includes those sanctioned by the 
UN, but may also include others like jurisdictions which 
insufficiently apply FATF standards etc. 
> What is the handling requirement for hits 
e Need to have P&P in handling transactions involving high-risk 
jurisdictions 
e Experience based response not acceptable 


e Need explicit requirement to understand the purpose and ensure 
it is both commensurate with the customer and legitimate before 
execution 


e High Risk area 
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Suspicious Transaction Reports 


> To what extent does the Al 
understand and carry out, their 
detection and reporting 
obligations on the suspected 
proceeds of crime”? 
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Suspicious Transaction Reporting 


> P&P for resolution / escalation 
e Need Guidance 
e Timeframe to review internal reports / submit a report to the JFIU 
e Need tipping off reminder in acknowledgement 

> Limited Scope of Reviews 
e Period of transaction history attached to the STR 
e Connected accounts 

> Quality of internal/external Reports 
e Period of transaction history attached to the STR 


e Basic customer information should be included in the disclosure 
(e.g. business nature, usual transaction counterparties, etc.) 
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Wilfully Blind? 


> REVIEW the risk 

> MONITOR the risk 
> MITIGATE the risk 
> Requirement for P&P to support these steps 


Reminder - consent is only a word — 
NOT a risk assessment 
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Is your STR output effective? 


> Should consider, to what extent are the STRs 
provided by your Al submitted in a timely manner, 
containing relevant information that allows the JFIU 
to 
e Understand the basis of the suspicion 


e Conduct a proper analysis 
e Develop operational and strategic analysis 
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Role of CO/MLRO 


> MLRO should play an active role 
e the central reference point for STR 
e involved in the review of MIS etc 
e involved in testing the system 
> MLRO should have sufficient experience and exercise 
appropriate judgement call on suspicious activities 
identified 
> Role of CO 


e Where a compliance function is assigned to other parties (e.g. 
frontline staff), need compliance review on the work done 


e Need compliance testing, cannot rely completely on internal 
audit 
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Recap - MLRO 


Paragraph 7.19 


An FI should appoint a Money Laundering Reporting Officer (MLRO) as 
a central reference point for reporting Suspicious transactions. The Fl 
should have measures in place to check, on an ongoing basis that it 
has policies and procedures to ensure compliance with legal and 
regulatory requirements and of testing such compliance. The type and 
extent of the measures to be taken in this respect should be 
appropriate having regard to the risk of ML/TF and the size of the 
business. 
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Responsibility of the MLRO 






Paragraph 7.21 


It is the responsibility of the MLRO to consider all internal disclosures 
he receives in the light of full access to all relevant documentation and 
other parties. However, the MLRO should not simply be that of a 
passive recipient of ad hoc reports of suspicious transactions. Rather, 
the MLRO should play an active role in the identification and reporting 
of suspicious transactions. This may also involve regular review of 
exception reports or large or irregular transaction reports as well as ad 
hoc reports made by staff. 
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Law Enforcement Requests 






> Expectation - policy and procedures 


e Alist/ register / centralized record of all law enforcement 
requests received 


e Handle by appropriate personnel — normal legal / compliance 
e Screening 
e Ensure proper actions both on and offshore 


e Trigger Event! - Appropriate review of accounts subject to court 
order AND any ML/TF risk the relationship may present 
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Don’t retain law 
enforcement data 


for longer than necessary to 
fulfil the 
purpose for 
which it 

was collected 
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Other Observations 


> Large cash deposit 


° Need to ascertain whether source of funds and source of 
wealth are commensurate with customer background 


° Not to record account transfers as cash transactions 
> Non-account holder transactions 


e Ensure ID copy is retained on file for transactions of HKD 
120,000 or more 


> CDD - should not allow customers use personal 
accounts for business purposes 
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